[Alert long text]
This post is dedicated of course for the people that played and experienced that old and hard tibia. And thats why this is so mindblowing for some of us.
I've just watched a 1h30m video of a brazillian talking about a bug that existed on his char.
He was called "Px". After this guy, CipSoft created the namelock Stuff. This story is 13 years ago and he decided to reveal all the truth only last year although already existed in rly old forums about this, but on tibia site u can check only 2009+ forums.
Im pretty sure that an old player (not necessariliy) of Eternia FOR SURE should know or remember something about this. About a MASSIVE HACKING ACCOUNT that occured in the begin of 2004, on Eternia server.
Like 100~150 daily accounts hacked per day, the massive hacking lasts 5-6 months (said by Px owner)
Does anyone played on Eternia in old times here? Could tell something for me/us? Maybe a memory of a guy typing 'ae' on Trade, haha.
There MUST have something on fórums about this.
In 08/02/2004 the player "Px" discovered a bug in his account. After that, a massive hacking started.
"Px" typed "ae" for a friend that just went online on his vip. ["ae" means "hey!" in brazilian-pt]
But he missed the channel wich he wanted to send, and accidentaly it gonne to TRADE-CHANNEL. In that time you didnt had to wait 1-2minutes to talk/offering, so people use that for talking.
He said that when he missed the 'ae' typing, at the same time, he received private messages from characters/players within their account/password numbers. It was ALWAYS a 'small list' containing 1~10 account numbers ALWAYS. He said sometimes the list came with repeated stuff, sometimes all equal, sometimes the same list he received two times ago,etc.
Actually now-a-days, if you try to type your password and send it, the game will open a window of warning saying you cant do or shouldnt do that, this kinda stuff.. but in that time you just could do a lot of stuff, for example, the 'warning' of copy/paste link that actually exists on game now, didnt existed before.... It was very old stuff, very old programmation. The game had a lot of issues and was growing up, bugs was beeing reported and bla bla bla.
Passed some months, after making lots of real money selling items cheap on his own city, his ''best'' friend reported him to a GM, saying that his account had a Bug.
He used to do the "ae" trade channel bug in LAN HOUSES, in front of a LOT of people that gone MAD in that time.
That was really really rare stuff, specially on brazil where we had to sacrifice our home-telephone to access a 20-40kbps internet after the midnigh (cuz was cheapier).
The top tibia lvl on town was like 35-45. It was a FEVER in that times. Thats why he said he HAD to show for everyone.
Well, Px got a 1 week ban. Because of the fact of Eternia Mass Hacking happening, Cip bannished him even before asking anything for him, the message from Cip explaining the ban was saying about investigation suspicious conduct (all said by Px)
When he came back, very anxious, he made the bug again(ingenous kid, but totally expected conduct)... and probably this time, Cip was monitoring him. 2 days after the 7 days ban, he was banished again, and this time, for 30 days.
When he came back, he had to change his name, the NameLock had been created.
He changed his name to ''Genioushar'', that a time after, got deleted. (Maybe Cip assumed that he had lot of items on his depot)(and checked too xD).
Salary in Brazil in that time (2004) Was no more than 500R$.. or (for your understanding)it means $USD 150.
He made so much more than 10.000$.. ($USD 350) per month. and in that time, in the country, this really really was a lot of money, it was the price of a popular car.
So here goes Px pointed facts about the reason he THINKS the bug occured with him.
* "Px" has 2 consonants, what he typed has 2 vogals "ae". Something just blow'd the system making a "unwanted command" accidentally or even a "bug" on system... since everytime a command was typed, a result on system replies.(I dont know this nerd stuff) but basically, (saying "ae" on trade = receive accs of online ppl with at least one "hidden" character on account)
* AT LEAST ONE CHARACTER HAS TO BE ONLINE ON THE ACCOUNT IN THE MOMENT FOR ''BE ABLE'' TO SENDING THE ACC/PASS for PX after the "ae" typed on trade.
* AT LEAST ONE CHARACTER HAS TO HAD THE BOX ''HIDDEN'' ON TIBIA COMMUNITY SITE MARKED.
* POOR AND RETROGRADE PROGRAMMING OF THAT TIBIA. It was maybe the 7.1~7.2 or 7.3 version of game.
A lot of renomated and famous tibia sites from that time talked about this.
Here I will put some Links for you checking.
Here is his most famous photo. A free account character with Aol and Stuff, just after hacking the first person after the bug occured for first time. A druid that was sleeping in a ab'dendriel house. In 2004 this set value on Brazil like 120 dollars +-. (360 R$+-) (almost a salary)
also can be checked on his fotolog made only for showing his friend the photo of items.
Remembering that the Top Level BR-town was 35-45, was kinda impossible for a low level getting these stuff. The Screenshot is at 02:20 AM, (the hour when you could connect to poor internet in Brazil without expending too much on that time). Minutes after his first ''Victm''. (So I ask u how a low lvl with poor internet country got that..)
On SS's private channel he is explaining for the friend that just went online on VIP (the one that he tried to type "ae"[hey]). His friend just said ''Then you entered in the house?" and he said ''Yes, there was stuff of a lot of people, I will take a screenshot to post for you see ok? (thats the only reason he created the fotolog, to show the friend the photo, check the date)
Here is the Px owner, that revealed how ALL happened in a long extend video the whole story.
He also tagged lot of ppl facebook's profile that experienced with him all that.
On comments of video you can check oldplayers saying that in 2004~ they did found some topics/forums about massive hacking on Eternia on that times.
Also a guy that said a similar bug happened to an old OTserver that he used to Host, thats why he believed
Here you can check a post of renomated site of tibia, portaltibia, in his BR version.
(there is a cellphone picture cause in the time he even traded items for stuff. A Magic plate armor was traded for the first generation of cellphones we had on Brazil)
This is him. Posting on facebook for remembering all what happened in 13 years ago.
Mentioning the topic was created just for him, made from portaltibia.
Im trying to reach a video of Px bug recorded on TibiCAM, on comments people r doubting and he just answered he will gonna check his HD of old computer to show people. For sure I'll post here
Actually I've PMed all the people he tagged and asking details, all confirmed till now.. I just wanted to know from a God of Programmer Knowledge how the hell that happened, if is possible.... cause seems really possible to me.
Px said he hacked almost the whole Eternia server.... so much more than 1000 accounts(not all them had good equips, lots was low and nb chars too) but he said that the most memorable experience was with a Knight in that time Called Kaiser or Kaisher, and a paladin called exactly Azgaroth. They were in the 1 Demon Edron respawn, he got AOL, killed himself and ran to send him parcels. (for a noob with plate set that hunt amazons that should be pretty excting)
Both chars deleted or idk what happened to them nowadays.
If you have a friend that used to play on eternia on old time, show him this, please.
Im not saying this guy is a hero, but this all is insane.
What you guys think?[img src=]
It is really hard to say if it might be true or not as in programming everything is possible. I would go with no. Not that way, because a) name is just a text, saved somewhere in database / text file.
As well, why CipSoft would implement a system to send the message with accounts & passwords, from point of view it would be something strange. As well the messages back in day could held just 255 characters I think, I do not remember anymore. So it would not be possible anyway to send it per one message.
What could it be a some kind of SQL injection, where instead of normal text they have send as their name, message a special piece of code, so that when server operate on it he sends back info.
One other thing which is highly doubly is that CipSoft stored password as strings, or in deco-possible strings. The standard is that the password is hashed somewhere in database and the only way to check if it is correct one, is to compare both passwords with same system. In other words, someone try to login as "A", he as well puts password "xyz". System then looks for record with user "A", encode the password "xyz" and then compare if the output is the same as password saved in the database to user "A" record.
So as much I could be a bug that got all this people hacked, I do not believe it was simply "ae"... but who knows, I never had an eye on CipSoft code.
About the limit character 255 [...]
maybe I've expressed myself not that good
He said he receives xxxxxxxx/xxxxxxx from each person
(online person with hidden character atleast, all stuf]
ty for replying Senator
Seems like cheese to me ;P
todo muy interesante, de hecho me puse a investigar y no encontré nada en mi idioma (español) que hablara de este caso. a pesar ya paso mas de 1 año quelo comentó en sus comunidades. realmente me quedé perplejo. saludos y buen aporte.!!